The Docker yaml contains the SETTINGS_ENCRYPTION_KEY parameter. Unfortunately, the documentation over at Docker Hub or duplicati.com doesn’t provide any details on how to set and use this parameter.
-
Which values can be set here? Only alphanumeric characters? How about special characters? Any restriction on minimal or maximum character length?
-
What’s the key actually used for? When do I have to enter this value again during everyday use of Duplicati? (for example, I have to enter the DUPLICATI__WEBSERVICE_PASSWORD parameter when accessing the GUI).
You can use special characters as well. I would not use anything outside ASCII range for portability concerns, but you can use extended characters as well. The is no imposed maximum length on the key, but it needs to be in the environment variable (or commandline), so those limits apply depending on your operating system.
The minimum key length is 8 characters.
The key is only used to encrypt the contents of the Duplicati-server.sqlite database file. Inside this database, the backup encryption passphrase and remote storage credentials are stored. Encrypting the database contents ensures that accidental exposure of the database file does not compromise the backup data.
Because Duplicati needs access to the database on startup, the encryption key must be available on each startup, but is not expected to be entered manually during normal operations.